You Are Go
Thoughts on small heterogeneous networks. And many other things.
Last updated 2018-03-05
Author: Trent Whaley

Date format
Posted 2017-04-19
<p dir="ltr">On handwritten notes I spell out the month and use a numerical day and a 4-digit year, e.g. April 19, 2017. This causes the least confusion.</p><p dir="ltr">For filenames etc. I use a 4-digit year, numerical 2-digit month, and numerical day. This allows the directory list to be sorted properly, e.g. 2017-04-19-logcopy.</p>

Privacy and Information security curriculum for non-technical users/smb employees?
Posted 2016-12-03
<p dir="ltr">Does anyone know of one? I would love to have such a curriculum to share with people I encounter through work. Unfortunately the annual training I do is not shareable outside the company it is for, despite being super awesome.</p><p dir="ltr">Looking for something on types of info needing different levels of secrecy, real-world scenarios including non-technical accidental breaches, etc.</p>

I keep seeing more and more cabover trucks
Posted 2016-12-03
<p dir="ltr">The first company to make a hybrid cabover mini-truck with a 500kg+ net weight and electric power take-off for the North American market wins.</p><p dir="ltr">Bonus points if it has adjustable suspension height and a removable pickup bed so it can literally pick up loads.</p>

Pickup truck market
Posted 2016-01-12
<p dir="ltr">There will be a glut on the market for fullsize/oversize/jacked-up pickup trucks very soon.</p>

Idea 1 - Reduced tillage modification for paper pot transplanter, plus bigger scale.
Posted 2016-01-10
Hey.<br />Our garden is tiny, and all raised bed. But I think about small-scale farming from time to time. When I do think about it, I tend to research it in depth, including some pretty obscure subjects, and I like to combine seemingly disconnected ideas to make new things. Two of the things that have caught my eye are reduced-tillage techniques and paper pot transplanters.<br /><br />Reduced tillage techniques seek to improve soil conditions while simultaneously reducing inputs (herbicide, labour, tractor fuel, fertilizer, etc.) by incorporating cover crops and just not ploughing as much - or at all on some farms. For example, in the fall after a field has been harvested the farmer would plant a mix of fall rye and clover which would grow until it is killed off by frost, mechanical action, or herbicide. Once killed off, it is left undisturbed, adding carbon and nitrogen back to the soil and acting as mulch to block weeds from growing. Come spring, the field is planted with a special seed drill which sweeps the planting rows clear of "trash" (cover crop debris), cuts a channel more aggressively with a sharp fluted opening disk, then plants the seed, and rollers compact it in. 
Most zero-till seed drills are huge units for industrial-scale farms - though there is a unit manufactured in Canada for 5' wide planting with a small tractor.<br /><br />On a totally different scale - paper-pot transplanters are a <a href="http://smallfarms.cornell.edu/2014/07/08/paper-pot/" target="_blank">system for transplanting</a> <i>a single row</i> of closely spaced seedlings (originally rice, now many plants) into soft, loose, trash-free, well-worked soil. They are pulled manually while another person loads trays of seedlings. The seedlings are growing in little paper cells in a honeycomb pattern which tear apart in strips as the transplanter is pulled along. A regular angled opener opens a furrow in the soil for the seedling strip as it is pulled along, the seedling strip is pulled out the back, and little wheels close the furrow around the seedling. Because the transplanter is being pulled by a person it would be too hard to pull if it had the row sweep or disk opener required to plant into soil with a lot of old roots.<br /><br />A handy farmer could rig up a paper-pot transplanter to a small tractor and add a trash sweep/hoe and heavy fluted disc opener - but then he'd be running the tractor (paying for fuel and labour) to <i>very slowly</i> plant a single row of crops... which are plantable at very narrow spacing so he'd probably prefer to plant many rows or interplant several crops at the same time...<br /><br />Well, fortunately the paper pot transplanter is mostly flat and at an angle... so if the feed were set up to come off one corner of the tray rather than the middle of the end, several rows of them could be stacked staggered - just like mouldboard ploughs are - to plant several rows while still having access to load trays from the front/top. 
<br /><br />So there you go - a multi-row paper-pot transplanter which might be able to plant into zero-till fields.<br /><br />Add a roller-crimper in front and you can kill off the cover and transplant your crop in a single pass.<br /><br />

2016 - Expanding the topics to be covered
Posted 2016-01-03
When I started this blog I wanted to write primarily about my experiments in setting up a domain server using Ubuntu - but work obligations took my attention away from that project.<br /><br />Now it's 2016 and it looks like the Zentyal CE project is a better solution than mine for most use cases - maybe I could do a few things better ... but the people on that project have a lot more time to consistently work on it.<br /><br />A while back I expanded to include anything related to small heterogeneous networks... But I didn't have much time to devote to that either as my work schedule is pretty erratic.<br /><br />At my wife's urging I have now decided to expand the topics covered to include my invention ideas. Some of them are ideas for new products - some changes to existing products - and some are process ideas or comparisons of different ways different companies do things. She probably is tired of me coming home saying ... truck designs are bad, they should be like this... and ... small business server designs are ill-fit, they should be like that, and small retail site networks are unnecessarily complex, they should be like that.... 
etc. but then never telling anyone else about it.<br /><br />I often come home telling my wife about how x-company does their network (inefficiently) or the like and it should be like this - her response is usually that I should blog about it (without naming names) in the hopes that someone who is in a position to change things reads it.<br /><br />Some of the posts may not be new ideas - just explanations of existing ideas that are not implemented often enough because people are just too rushed to do them - for example a planned post about mounting wall-mountable electronics to your desk to cut clutter. Others are not often done presumably because of corporate inertia or contractual obligations.<br /><br />Anyhow, hopefully people find my ideas interesting. Also I intend to learn a few skills to experiment with my ideas - drafting with SketchUp, exporting for CNC/3D-Printing/Lasercutting etc., and sewing would be super handy to create diagrams and/or proof-of-concept pieces.<br /><br />Currently I have a list of 27 ideas to blog about, I'm sure I will come up with more over the year.<br />Also I'll likely have occasional posts about how to do things computer/network wise...<br /><br />So, here's a few from my current list:<br /><br /><ul><li>A new class of work truck</li><li>Simple kit for humanitarian relief for hard to get to areas</li><li>New (slightly different) form factor for small retail/branch office server</li><li>A line of work clothes - because most workwear companies assume you're in construction OR a mechanic OR a lawyer, with little in between</li><li>Changing network scope on SOHO RouterOS routers (Routerboard) - there is a trick to it.</li></ul>

Backup thoughts, hard won from recent experience.
Posted 2014-08-15
Time Machine is cool when it works.<br /><br />When it does not though it is not so cool.<br /><br />Same goes for Windows Backup and rdiff-backup to another disk.<br /><br />But! If the backup disk (or sparsebundle) is directly mounted on the machine that is doing the backup... what if there is some hiccup in your filesystem code somehow <i>while the backup disk is mounted</i>...? BOOM! goes your system disk AND backup.<br /><br />This is exactly what happened recently with my wife's MacBook Pro. It appears that the machine crashed somehow while going to sleep during a backup to the NetATalk share on my home Linux server. The system partition was irrecoverably corrupted and so was the sparsebundle containing Time Machine. (After cloning the system drive with dd) I ended up having to reinstall OSX and restore the profiles from a backup <i>of the server</i>, then recover <span style="font-size: xx-small;">some </span>of the more recent files from the system drive image using DiskWarrior.<br /><br />I am rebuilding the home server <i>real soon now</i> (the new HDD is backordered and now I am on call until next weekend). I was already planning to set up a complex set of btrfs subvolumes, so now the plan is to have the Time Machine NetATalk shares be subvolumes with frequent snapshots so that previous snapshots are out of scope of the machine doing the backing up. Likewise with the SMB shares that 2 Windows machines are backing up onto.<br /><br />So the server's subvolumes are like so:<br /><br />root (and snapshots)<br />home (and snapshots)<br />mytimemachine AFP (and snapshots)<br />wifestimemachine AFP (and snapshots)<br />aperturevault AFP (and snapshots)<br />testWin7Box SMB (and snapshots)<br />worklaptop SMB (and snapshots)<br />persistantshare SMB (and snapshots)<br />volatileshare SMB (NO Snapshots)<br /><br />And after several steps, the interim backup solution for the server itself will be one 2TB disk in an eSATA cradle with one main subvolume (and its snapshots) to which the current version of each of those (except the volatileshare) is rsync'd.<br /><br />Eventually the plan is to score a gratis small desktop with room for up to 4 drives that can live in another building (we have power line ethernet to it working already) so it can wake on schedule daily, receive the backup via rsync, snapshot the backup, and shut itself down when complete. Thus the server also will not have write access to its own past backups. Also the uptime of the second server should be minimal (first backup will be done in the house via gigabit LAN) and thus power consumption as well.<br /><br />

Create a roaming profile user from the command line
Posted 2012-07-25
<div style="font-family: Verdana,sans-serif;">Use this to create a roaming profile user named potato with password potatopass</div><div style="font-family: Verdana,sans-serif;"><br /></div><div style="font-family: Verdana,sans-serif;">samba-tool user create potato potatopass --profile-path='\\testdc\profiles\potato'</div><br />

Update....
Posted 2012-07-24
<div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">I am currently working on a new version of the script that does the directory setup for roaming profiles and folder redirection, but it's not yet ready to share.</span></div>

BTRFS mirroring on root
Posted 2012-07-21
<div style="font-family: Verdana,sans-serif; text-align: justify;">If you have set up your system with btrfs mirroring for the root drive (i.e. by booting into the rescue environment on the installer, making the FS, then booting the installer, telling it to use one of the btrfs partitions as btrfs but not format it... then when done doing a grub-install onto the other drives)...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">If you lose a drive (on purpose or otherwise)...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">When you reboot the first time, if you have not replaced the drive, you need to edit the kernel command line so that it says "rootflags=degraded,subvolid=@", not "rootflags=subvolid=@,degraded"...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">Also, if you're testing by yanking the SATA cables, re-adding, rebalancing, removing the failed drive-id, etc. over and over without rebooting, it will get to a point where all the data lives on only one drive without a mirror. 
If you reboot and rebalance again and remove any missing drive it should fix it.</span></div>

(meta blog post) What is Cultek.com?
Posted 2012-07-21
<div style="text-align: justify;"><span style="font-size: small;"><span style="font-family: Verdana,sans-serif;">I see a few people (possibly from Russia) have been visiting by following a link from Cultek.com, which appears to be a members-only site... What is Cultek.com? Are you discussing this project internally?</span></span></div>

Updated Quick and Dirty Samba4 DC instructions
Posted 2012-07-19
<div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">Made AppArmor allow the specific libraries that bind9 needs, rather than any libraries under the samba hierarchy. 
</span></div>

First version of the quick and dirty Samba4 Domain Controller Setup
Posted 2012-07-16
<div style="font-family: Verdana,sans-serif; text-align: justify;"><a href="http://youarego.blogspot.ca/p/quick-and-dirty-samba4-domain.html">Samba4 quick and dirty domain controller setup</a></div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">Note that this requires the router to be configured to handle DHCP, passing the domain controller as primary DNS and WINS (see my earlier entry on router config).</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">For some reason it took doing an nslookup of testdc.testdomain.local at the command line on the win7 box before the domain join worked... I will investigate why...</span></div>

Router Config
Posted 2012-07-15
<div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">In order to work on the network, each device must find its own numeric address, and the numeric address of any computer it wants to talk to. To work on the domain, it must find the numeric address of local computers; the domain controller handles this. To work on the internet it must find the IP of internet computers. 
With Windows small network servers, DHCP (handing each workstation its own address) and DNS are often done only by the domain controller. This is simple, but if the server goes down all of the computers go down... If we let the router do DHCP, and point the first DNS to the server and the second DNS to the ISP's server or public DNS, then local networking goes through the server, and if the server has a problem the workstations can still surf the web and/or remote in to the server. </span><br /><br /><span style="font-family: Verdana,sans-serif;">You'll want to change a few settings to make your network clients use the Samba server for DNS - without breaking DNS on the server.... Here my Samba Domain Controller will be on 192.168.1.2, and I have set it as the primary DNS and WINS server. Also note that I am using Google DNS just because it is much faster than my ISP. </span></div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-v1LCGKMjp4U/UAKHNeg6gDI/AAAAAAAAAA4/VC1A1Vs1HUM/s1600/router+dhcp+config+-+narrow.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-v1LCGKMjp4U/UAKHNeg6gDI/AAAAAAAAAA4/VC1A1Vs1HUM/s1600/router+dhcp+config+-+narrow.png" /></a></div><div style="text-align: justify;"><br /></div><br /><div style="font-family: Verdana,sans-serif; text-align: justify;">Under services management I have set a static reservation for the DC. This means if you re-install the OS you don't have to manually reset it to static IP nor configure the secondary DNS. 
Note that when you enter the MAC address it must have any letters capitalized, and have the colons. If you replace the server motherboard you will need to update this.</div><br /><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-FX56Pes5n8M/UAJ_tZMfcII/AAAAAAAAAAU/NkaqODuc2m4/s1600/router+dhcp+config+2.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://2.bp.blogspot.com/-FX56Pes5n8M/UAJ_tZMfcII/AAAAAAAAAAU/NkaqODuc2m4/s1600/router+dhcp+config+2.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">On services tab, domain controller gets a reserved DHCP entry</td></tr></tbody></table><br /><br /><div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">Here's a few more changes to note, all of them somewhat self-explanatory.</span> </div><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-f3B2_z3f96k/UAJ_vnuBcdI/AAAAAAAAAAc/OuOQjP20xyE/s1600/router+ntp+config.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-f3B2_z3f96k/UAJ_vnuBcdI/AAAAAAAAAAc/OuOQjP20xyE/s1600/router+ntp+config.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Router gets time from your local official time source</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-eubIGU91nrc/UAJ_ypiXW8I/AAAAAAAAAAk/Kta_vT-DkC4/s1600/router+wake+on+lan.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://4.bp.blogspot.com/-eubIGU91nrc/UAJ_ypiXW8I/AAAAAAAAAAk/Kta_vT-DkC4/s1600/router+wake+on+lan.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">For testing purposes it's handy to enable wake on LAN on your test network machines.</td></tr></tbody></table><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-iU7dV8K4kXU/UAJ_0RcI4aI/AAAAAAAAAAs/_6_W8oSB3dw/s1600/router+port+forward.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://4.bp.blogspot.com/-iU7dV8K4kXU/UAJ_0RcI4aI/AAAAAAAAAAs/_6_W8oSB3dw/s1600/router+port+forward.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">You'll want to port forward ssh to your domain controller if you administer it from outside the LAN</td></tr></tbody></table><br />

What's working now, as I start this blog
Posted 2012-07-14
<div style="font-family: Verdana,sans-serif; text-align: justify;">Well...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">Everything... and some... and none...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">Most of this project is based on others' work, which is working... Samba 4 acts as a DC for many sites... In fact I have worked on a few big companies where locally assembled versions of older Samba, OpenLDAP, Bind, and Kerberos have been combined to act as a DC and groupware for Windows hosts... but little of this is documented publicly and much of it is highly specialized to their needs.</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">In my house are 2 networks that I have set up for this project...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">My Production network (for lack of a better term) has a Linux host acting as server to Mac, Windows, Linux, Android, and iOS devices... It has Samba shares, IMAP email, DAViCal calendaring and contacts, iSCSI shares, and AppleTalk acting as a time capsule. My backup scripts work for my customized setup, and have even been tested in a bare-metal recovery... 
but all of the services use local user authentication, and there was no easy, documented, repeatable way to build it from scratch...</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">My testing network consists of a donated consumer router running DD-WRT, an HP ProLiant ML110 G3 (a 2005 era Pentium 4 based small business server which was donated), and a Dell Optiplex Slim tower (also donated) running Windows 7 Professional. I have successfully set up Samba4 as a domain controller on the server and added the workstation to the domain.</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="text-align: justify;"><span style="font-family: Verdana,sans-serif;">So, my first step will be to use the .bash_history on the test server to make a script to turn a fresh Ubuntu 12.04 server install into a Samba4 DC.</span></div>

Blog Topic
Posted 2012-07-14
<div style="font-family: Verdana,sans-serif;">Hi,</div><div style="font-family: Verdana,sans-serif; text-align: justify;">This blog is about my ongoing experiments with heterogeneous networking.</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">Sure, you can build a small organization or home server with a domain controller, fileshares, groupware, database, and centralized backup on a Linux host... no problem... 
but how?</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">All the documentation I could find is extremely poor, incorrect, covers only one aspect, or leaves out reasons behind major decisions. I intend to change that.</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">Likewise, all the related packages (for Ubuntu at least) have default configurations that assume UNIX-like authentication and user profiles - despite having the capability to authenticate against an Active Directory server (like Samba 4). This in itself makes sense... they are after all on a Linux system, but I have found no integrated way to configure all the required services without manually editing each one, often putting in the same settings multiple times - in multiple config file languages. I intend to change that.</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">Furthermore there is little documentation offering an easy way to set up centralized backup for the server and the client devices it is supporting. I intend to change that too.</div><div style="font-family: Verdana,sans-serif; text-align: justify;"><br /></div><div style="font-family: Verdana,sans-serif; text-align: justify;">So, those are lofty goals and kind of nebulous... 
What deliverables do I expect to produce?</div><div style="font-family: Verdana,sans-serif;"><br /></div><ol style="font-family: Verdana,sans-serif;"><li>A script to automate setup of a Samba4 Domain Controller using Ubuntu standard packages, sensible defaults, and only a few user supplied values</li><li>A script to automate setup of Dovecot and Postfix to authenticate against and get virtual user configs from the Samba4 Domain controller of point 1</li><li>A script to automate setup of DAViCal to work with the DC of point 1</li><li>Documentation of how to use 1, 2, and 3</li><li>Scripts to back up 1, 2, and 3, and re-build them onto a fresh install Ubuntu server.</li><li>Documentation of how to do 5, and how to do partial restores with the backup.</li><li>Documentation of how to set up Windows Backup to back up to 1</li><li>Scripts to configure NetATalk so that Macs can use Time Machine onto the same server, authenticating against 1</li><li>Documentation of how to use 8</li><li>PPA or mainline deb packages of 1-9</li></ol>
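
Added example (not code from the original blog): a shell script for the snapshot scheme in the "Backup thoughts, hard won from recent experience" post above. It takes a read-only btrfs snapshot of every share subvolume except volatileshare, rsyncs the frozen copies to the backup disk, then snapshots that disk. The subvolume names are the post's; the mount points /srv/pool and /mnt/backup, the .snapshots directories and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one backup run for the subvolume layout in the post.
# Mount points and directory names below are assumptions, not the author's.
set -eu

POOL=${POOL:-/srv/pool}                # assumed: btrfs pool holding the subvolumes
SNAPDIR=${SNAPDIR:-$POOL/.snapshots}   # assumed: kept outside every AFP/SMB export
BACKUP=${BACKUP:-/mnt/backup}          # assumed: the 2TB eSATA disk
DRY_RUN=${DRY_RUN:-1}                  # 1 = only print the commands

# Subvolume names as listed in the post.
SUBVOLUMES="root home mytimemachine wifestimemachine aperturevault
testWin7Box worklaptop persistantshare volatileshare"
NO_SNAPSHOT="volatileshare"            # the post keeps no snapshots of this one

# Print or execute one command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# List the subvolumes that are snapshotted and copied to the backup disk.
snapshot_targets() {
    for sv in $SUBVOLUMES; do
        keep=1
        for ex in $NO_SNAPSHOT; do
            if [ "$sv" = "$ex" ]; then keep=0; fi
        done
        if [ "$keep" -eq 1 ]; then echo "$sv"; fi
    done
}

# One backup run. The stamp (YYYY-MM-DD-HHMM) names every snapshot, so it is
# validated before it is used to build a path.
backup_run() {
    stamp=$1
    case "$stamp" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]) ;;
        *) echo "refusing stamp: $stamp" >&2; return 2 ;;
    esac
    for sv in $(snapshot_targets); do
        run mkdir -p "$SNAPDIR/$sv"
        # -r makes the snapshot read-only; a client that scribbles over its
        # share afterwards cannot alter this copy.
        run btrfs subvolume snapshot -r "$POOL/$sv" "$SNAPDIR/$sv/$stamp"
        # Copy the frozen snapshot, not the live share a client may be writing.
        run rsync -aHAX --delete "$SNAPDIR/$sv/$stamp/" "$BACKUP/current/$sv/"
    done
    # Freeze the backup disk's copy too, so a bad run cannot overwrite history.
    run mkdir -p "$BACKUP/.snapshots"
    run btrfs subvolume snapshot -r "$BACKUP/current" "$BACKUP/.snapshots/$stamp"
}

backup_run "$(date +%Y-%m-%d-%H%M)"
```

With DRY_RUN left at 1 the script only prints the commands it would run; the snapshot directory has to stay outside anything exported over AFP or SMB for the older snapshots to be out of the clients' reach.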
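
Added example (not code from the original blog): a check for the failure described in the "BTRFS mirroring on root" post above, where repeated pull-and-re-add testing leaves data on one drive without a mirror. It parses `btrfs filesystem df` output and reports any block group that is not RAID1; the sample outputs are constructed and the function names are assumptions.

```shell
#!/bin/sh
# Added example: detect btrfs block groups that have lost their mirror.
# The sample outputs are constructed, not captured from the author's machine.
set -eu

# Read `btrfs filesystem df` output on stdin and print every block-group type
# whose profile is not RAID1. Exit status: 0 = all mirrored, 1 = something is
# unmirrored, 2 = nothing could be parsed (a failure, never "healthy").
mirror_check() {
    awk -F'[,:] *' '
        /^[A-Za-z]+, [A-Za-z0-9]+: / {
            seen++
            # GlobalReserve is always reported as "single"; it is carved out
            # of metadata and says nothing about redundancy.
            if ($1 == "GlobalReserve") next
            if ($2 != "RAID1") { print $1, $2, $4; bad++ }
        }
        # Older btrfs-progs print no profile at all for single block groups.
        /^[A-Za-z]+: total=/ { seen++; print $1, "single", $3; bad++ }
        END { if (!seen) exit 2; if (bad) exit 1 }'
}

# Constructed sample: a healthy two-disk mirror.
sample_healthy() {
    cat <<'EOF'
Data, RAID1: total=10.00GiB, used=8.45GiB
System, RAID1: total=32.00MiB, used=16.00KiB
Metadata, RAID1: total=1.00GiB, used=450.00MiB
GlobalReserve, single: total=16.00MiB, used=0.00B
EOF
}

# Constructed sample: data written while degraded landed in a single chunk.
sample_degraded() {
    cat <<'EOF'
Data, RAID1: total=10.00GiB, used=8.45GiB
Data, single: total=1.00GiB, used=512.00MiB
System, RAID1: total=32.00MiB, used=16.00KiB
Metadata, RAID1: total=1.00GiB, used=450.00MiB
GlobalReserve, single: total=16.00MiB, used=0.00B
EOF
}

# Print a one-line verdict for a label and a block of df output.
report() {
    rc=0
    bad=$(printf '%s\n' "$2" | mirror_check) || rc=$?
    case $rc in
        0) echo "$1: every block group is RAID1" ;;
        1) echo "$1: NOT mirrored: $bad"
           echo "  rebalance and drop the missing device, as the post says:"
           echo "    btrfs balance start -dconvert=raid1 -mconvert=raid1 <mountpoint>"
           echo "    btrfs device delete missing <mountpoint>" ;;
        *) echo "$1: could not read block-group profiles" ;;
    esac
}

if [ -n "${1:-}" ]; then
    # Real use: pass the mount point, e.g. "/". A failed btrfs call yields
    # empty output, which mirror_check reports as unreadable, not as healthy.
    df_out=$(btrfs filesystem df "$1" 2>/dev/null) || df_out=""
    report "$1" "$df_out"
else
    report "sample (healthy)" "$(sample_healthy)"
    report "sample (after repeated cable pulls)" "$(sample_degraded)"
fi
```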